gogrlx/nats-server
1
0
Fork 0
mirror of https://github.com/gogrlx/nats-server.git synced 2026-04-17 03:24:40 -07:00
Code Issues Packages Projects Releases Wiki Activity

Make sure mixed mode supported for config files.

Browse Source 
Use test helpers for generating tmp configs.

Signed-off-by: Derek Collison <derek@nats.io>
This commit is contained in:
Derek Collison
2018-09-10 15:26:42 -07:00
parent fff62d5bf7
commit e8611b1f47
3 changed files with 41 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
server/nkey_test.go
View File

@@ -21,6 +21,7 @@ import (
"fmt"
mrand "math/rand"
"net"
"os"
"strings"
"testing"
"time"
@@ -209,6 +210,27 @@ func TestMixedClientConnect(t *testing.T) {
}
}
func TestMixedClientConfig(t *testing.T) {
confFileName := createConfFile(t, []byte(`
authorization {
users = [
{nkey: "UDKTV7HZVYJFJN64LLMYQBUR6MTNNYCDC3LAZH4VHURW3GZLL3FULBXV"}
{user: alice, password: foo}
]
}`))
defer os.Remove(confFileName)
opts, err := ProcessConfigFile(confFileName)
if err != nil {
t.Fatalf("Received an error processing config file: %v", err)
}
if len(opts.Nkeys) != 1 {
t.Fatalf("Expected 1 nkey, got %d", len(opts.Nkeys))
}
if len(opts.Users) != 1 {
t.Fatalf("Expected 1 user, got %d", len(opts.Users))
}
}
func BenchmarkCryptoRandGeneration(b *testing.B) {
data := make([]byte, 16)
for i := 0; i < b.N; i++ {

37
server/opts.go
View File

@@ -267,12 +267,8 @@ func (o *Options) ProcessConfigFile(configFile string) error {
}
// Check for nkeys
if auth.nkeys != nil {
if o.Users != nil {
return fmt.Errorf("Can not have users when nkeys are also defined.")
}
o.Nkeys = auth.nkeys
}
case "http":
hp, err := parseListen(v)
if err != nil {
@@ -474,16 +470,12 @@ func parseAuthorization(am map[string]interface{}) (*authorization, error) {
}
auth.timeout = at
case "users":
users, err := parseUsers(mv)
nkeys, users, err := parseUsers(mv)
if err != nil {
return nil, err
}
switch users.(type) {
case []*User:
auth.users = users.([]*User)
case []*NkeyUser:
auth.nkeys = users.([]*NkeyUser)
}
auth.users = users
auth.nkeys = nkeys
case "default_permission", "default_permissions", "permissions":
pm, ok := mv.(map[string]interface{})
if !ok {
@@ -510,11 +502,11 @@ func parseAuthorization(am map[string]interface{}) (*authorization, error) {
}
// Helper function to parse multiple users array with optional permissions.
func parseUsers(mv interface{}) (interface{}, error) {
func parseUsers(mv interface{}) ([]*NkeyUser, []*User, error) {
// Make sure we have an array
uv, ok := mv.([]interface{})
if !ok {
return nil, fmt.Errorf("Expected users field to be an array, got %v", mv)
return nil, nil, fmt.Errorf("Expected users field to be an array, got %v", mv)
}
var users []*User
var keys []*NkeyUser
@@ -522,7 +514,7 @@ func parseUsers(mv interface{}) (interface{}, error) {
// Check its a map/struct
um, ok := u.(map[string]interface{})
if !ok {
return nil, fmt.Errorf("Expected user entry to be a map/struct, got %v", u)
return nil, nil, fmt.Errorf("Expected user entry to be a map/struct, got %v", u)
}
var perms *Permissions
var err error
@@ -539,11 +531,11 @@ func parseUsers(mv interface{}) (interface{}, error) {
case "permission", "permissions", "authorization":
pm, ok := v.(map[string]interface{})
if !ok {
return nil, fmt.Errorf("Expected user permissions to be a map/struct, got %+v", v)
return nil, nil, fmt.Errorf("Expected user permissions to be a map/struct, got %+v", v)
}
perms, err = parseUserPermissions(pm)
if err != nil {
return nil, err
return nil, nil, err
}
}
}
@@ -559,25 +551,22 @@ func parseUsers(mv interface{}) (interface{}, error) {
// Check to make sure we have at least username and password if defined.
if nkey.Nkey == "" && (user.Username == "" || user.Password == "") {
return nil, fmt.Errorf("User entry requires a user and a password")
return nil, nil, fmt.Errorf("User entry requires a user and a password")
} else if nkey.Nkey != "" {
// Make sure the nkey is legit.
// Make sure the nkey a proper public nkey for a user..
if !nkeys.IsValidPublicUserKey(nkey.Nkey) {
return nil, fmt.Errorf("Not a valid public nkey for a user")
return nil, nil, fmt.Errorf("Not a valid public nkey for a user")
}
// If we have user or password defined here that is an error.
if user.Username != "" || user.Password != "" {
return nil, fmt.Errorf("Nkey users do not take usernames or passwords")
return nil, nil, fmt.Errorf("Nkey users do not take usernames or passwords")
}
keys = append(keys, nkey)
} else {
users = append(users, user)
}
}
if len(keys) > 0 {
return keys, nil
}
return users, nil
return keys, users, nil
}
// Helper function to parse user/account permissions

20
server/opts_test.go
View File

@@ -764,18 +764,14 @@ func TestNewStyleAuthorizationConfig(t *testing.T) {
// Test new nkey users
func TestNkeyUsersConfig(t *testing.T) {
confFileName := "nkeys.conf"
defer os.Remove(confFileName)
content := `
confFileName := createConfFile(t, []byte(`
authorization {
users = [
{nkey: "UDKTV7HZVYJFJN64LLMYQBUR6MTNNYCDC3LAZH4VHURW3GZLL3FULBXV"}
{nkey: "UA3C5TBZYK5GJQJRWPMU6NFY5JNAEVQB2V2TUZFZDHFJFUYVKTTUOFKZ"}
]
}`
if err := ioutil.WriteFile(confFileName, []byte(content), 0666); err != nil {
t.Fatalf("Error writing config file: %v", err)
}
}`))
defer os.Remove(confFileName)
opts, err := ProcessConfigFile(confFileName)
if err != nil {
t.Fatalf("Received an error reading config file: %v", err)
@@ -787,9 +783,7 @@ func TestNkeyUsersConfig(t *testing.T) {
}
func TestNkeyUsersWithPermsConfig(t *testing.T) {
confFileName := "nkeys.conf"
defer os.Remove(confFileName)
content := `
confFileName := createConfFile(t, []byte(`
authorization {
users = [
{nkey: "UDKTV7HZVYJFJN64LLMYQBUR6MTNNYCDC3LAZH4VHURW3GZLL3FULBXV",
@@ -799,10 +793,8 @@ func TestNkeyUsersWithPermsConfig(t *testing.T) {
}
}
]
}`
if err := ioutil.WriteFile(confFileName, []byte(content), 0666); err != nil {
t.Fatalf("Error writing config file: %v", err)
}
}`))
defer os.Remove(confFileName)
opts, err := ProcessConfigFile(confFileName)
if err != nil {
t.Fatalf("Received an error reading config file: %v", err)